The data security risks in today’s workplace present a conundrum for legal, IT and compliance departments. On the one hand, corporate security teams must make sure that corporate data is quickly retrievable for legal and regulatory needs. On the other, the proliferation of mobile phones, remote employees and collaborative cloud sites makes data vulnerable to breaches, employee fraud and regulatory changes.

What’s an organization to do?

Many are investing in information governance (IG). At its most basic, IG provides a framework for organizing and storing data for both accessibility and security while maintaining legal and regulatory compliance. One way companies are advancing IG is through the adoption of Microsoft Office 365, one of the world’s most popular cloud productivity suites. More than 60 million commercial Office 365 customers upload an estimated 1.37 terabytes of data each month to the Microsoft cloud.

Companies currently migrating to Office 365, or planning to, have the rare opportunity to update their IG and e-discovery programs to increase compliance and efficiency. Yet the move is not without its challenges; legal and compliance roadblocks can pop up at any time along the way. There are data protection concerns as well, including cross-border data transfer and data residency in general. Studies show vulnerability to advance email threats for corporations of all sizes.

For all these reasons, corporations should view Office 365 migrations as a critical business initiative that requires the involvement of the legal department as one of the primary decisions makers every step of the way. Here’s how to make the move.

The ideal migration involves all key stakeholders at the start of the project, giving legal the opportunity to evaluate the process and solution, and involve outside counsel to confirm sound methodology. Outside counsel review is an additional and valuable step that enhances defensibility.

Beyond the wide range of challenges organizations may face during a migration, moving to Office 365 is a prime opportunity to establish or refresh information governance, messaging, records and retention, and mobile device policies. Office 365 offers functionality that supports automated enforcement of policies and legal holds, making future compliance, as well as accessibility and security — more viable.